CVE-2022-4295

Name of the Vulnerable Software and Affected Versions Show All Comments WordPress plugin version prior to 7.0.1

Description The issue is related to a Reflected Cross-Site Scripting attack, which could be used against logged-in high-privilege users, such as admins. This occurs because the plugin does not properly sanitise and escape a parameter before outputting it back in the page. The exploitation of this issue may allow a remote attacker to conduct cross-site scripting attacks.

Recommendations For versions prior to 7.0.1, update to version 7.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.